Skip to main content
CVE-2017-5255 HIGH POC THREAT Act Now

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.4%.

Command Injection Epmp 1000 Firmware Epmp 2000 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
71.4%
Threat
5.4
CVE-2017-5254 HIGH POC THREAT Act Now

In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Authentication Bypass Epmp 1000 Firmware Epmp 2000 Firmware
NVD
CVSS 3.0
8.8
EPSS
67.6%
Threat
5.3
CVE-2017-5259 HIGH POC THREAT Act Now

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 66.3%.

Information Disclosure Cnpilot R190V Firmware Cnpilot E410 Firmware Cnpilot R190N Firmware Cnpilot E400 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
66.3%
Threat
5.3
CVE-2012-2576 CRITICAL POC THREAT Emergency

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.1%.

SQLi Backup Profiler Storage Manager Storage Profiler
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
41.1%
Threat
4.7
CVE-2017-5260 HIGH POC THREAT Act Now

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.4%.

Information Disclosure Cnpilot R190V Firmware Cnpilot E410 Firmware Cnpilot R190N Firmware Cnpilot E400 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
33.4%
Threat
4.3
CVE-2017-5261 HIGH POC THREAT Act Now

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.1%.

Path Traversal Cnpilot R190V Firmware Cnpilot E410 Firmware Cnpilot R190N Firmware Cnpilot E400 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
24.1%
Threat
4.0
CVE-2017-17790 CRITICAL POC Act Now

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ruby
NVD GitHub
CVSS 3.0
9.8
EPSS
4.7%
CVE-2017-17777 CRITICAL POC Act Now

Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Paid To Read Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-6094 CRITICAL POC Act Now

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gaps
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-17779 CRITICAL POC Act Now

Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Paid To Read Script
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-5262 HIGH POC This Week

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cnpilot R190V Firmware Cnpilot E410 Firmware Cnpilot R190N Firmware Cnpilot E400 Firmware +1
NVD
CVSS 3.0
8.0
EPSS
7.8%
CVE-2017-17774 HIGH POC PATCH This Week

admin/configuration.php in Piwigo 2.9.2 has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Piwigo
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-17789 HIGH POC This Week

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gimp Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2017-17796 HIGH POC This Week

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vir It Explorer Lite
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-17795 HIGH POC This Week

In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-14969 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14968 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14967 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14966 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14965 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14964 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14963 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-14962 HIGH POC This Week

In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Anti Virus
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17804 HIGH POC This Week

In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17803 HIGH POC This Week

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17802 HIGH POC This Week

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17801 HIGH POC This Week

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17800 HIGH POC This Week

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17799 HIGH POC This Week

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17798 HIGH POC This Week

In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vir It Explorer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-17797 HIGH POC This Week

In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-16725 CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ahb7008F8 H Firmware Ahb7008F4 H Firmware Ahb7008F2 H Firmware Ahb7008T Mh V2 Firmware +132
NVD
CVSS 3.0
9.8
EPSS
8.5%
CVE-2017-17746 MEDIUM POC This Month

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2017-17747 MEDIUM POC This Month

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Denial Of Service Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-4933 HIGH This Week

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption VMware RCE Workstation Pro +2
NVD
CVSS 3.1
8.8
EPSS
7.1%
CVE-2017-17780 MEDIUM POC PATCH This Month

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress PHP Booking Calendar Sms Clockwork Sms Notfications +6
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-17752 MEDIUM POC This Month

Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ability Mail Server
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-17775 MEDIUM POC This Month

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Piwigo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-17794 CRITICAL PATCH Act Now

validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Blogotext
NVD GitHub
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-4941 HIGH PATCH This Week

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE VMware Fusion Workstation +1
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2017-1696 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2017-5258 MEDIUM POC This Month

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Epmp 1000 Firmware Epmp 2000 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17776 MEDIUM POC This Month

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Paid To Read Script
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-14385 HIGH This Week

An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Data Domain Data Domain Os
NVD
CVSS 3.0
7.5
EPSS
9.2%
CVE-2017-1757 HIGH This Week

IBM Security Guardium 10.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Security Guardium
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-17476 HIGH PATCH This Week

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Otrs Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-17782 HIGH This Week

In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-16587 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-16586 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-16585 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Foxit Reader
NVD
CVSS 3.0
8.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy